this post was submitted on 15 Feb 2026
21 points (100.0% liked)


I am running a defederated local Matrix server, and I need to set up calls. From what I can tell, the "legacy" calls require a STUN and TURN server, and the new MatrixRTC standard seems to require them as well for Livekit to work. However, I do not want to expose anything out to the public internet, as I want everything to be behind NAT for local access only (all of the clients for the server will also be behind the NATted network). I also have Tailscale running on my servers, and it would be useful if I would be able to connect to the TURN server even when not in the network. Is there a way to get STUN/TURN to work in this situation? It seems that all the servers expect to have public network access.

[–] Aganim@lemmy.world 1 points 1 week ago* (last edited 1 week ago) (2 children)

Have I got news for you. ☹️

Edit: I'll just add an '/s' for good measure, as apparently I was too subtle. Be sensible, don't do NAT66.

[–] thelittleblackbird@lemmy.world 3 points 1 week ago (1 children)

What a lot of nonsense. Of course the technology exists and of course it can be done. But in reality it is not done because it simply doesn't bring any benefit.

And in addition an address translation is not NAT (tm) because the server can be hit from the outside.

Today in IPv4 we likely have 2 NATs, 1 after your router and the other by the carrier (CGNAT), and in IPv6 those are nonexistent

[–] Aganim@lemmy.world 3 points 1 week ago* (last edited 1 week ago) (1 children)

It was meant tongue-in-cheek, you seem to be taking it much more seriously than I intended it to be. 🙂

> But in reality it is not done because it simply doesn't bring any benefit.

Fully agree that there is absolutely no benefit to NAT66, it only causes enormous headaches. I sincerely hope nobody uses it these days, this poor bastard however did manage to find a VPS provider that used NAT66 back in 2018: https://blog.apnic.net/2018/02/02/nat66-good-bad-ugly/ 🤢

[–] thelittleblackbird@lemmy.world 4 points 1 week ago (1 children)

Fuck, there is a law of the internet (whose name I cannot recall) about the impossibility of distinguishing an ironic message.

I fell into that trap completely!!

[–] Aganim@lemmy.world 2 points 1 week ago

Haha, don't worry, no harm done. Maybe I was a bit too subtle in hindsight.

That's Poe's Law by the way.

[–] possiblylinux127@lemmy.zip 1 points 1 week ago

Don't NAT IPv6. It is bad in so many ways.